GitHub falls victim to world’s largest DDoS attack: What you should know

2 Mar 2018

GitHub homepage. Image: Casimiro PT/Shutterstock

GitHub weathers the largest-known DDoS attack in history as cyberattacks grow in sophistication.

GitHub was the victim of the most powerful distributed denial of service (DDoS) attack on record on Wednesday (28 February).

One of the most-used attack methods, a DDoS attack involves hammering sites with more traffic than they can cope with to overwhelm servers and temporarily put a webpage offline.

According to a blogpost, GitHub faced a mammoth 1.35Tbps of traffic, causing the service to go offline for a total of 10 minutes.

Once the attack was detected, GitHub enlisted the help of mitigation service Akamai Prolexic, which routes traffic through its larger network and blocks malicious requests.

Capacity to fight the attack was there

Vice-president of web security at Akamai, Josh Shaul, told Wired that the company had modelled its capacity “based on five times the biggest attack that the internet has ever seen”, so, while the attack was massive, the capacity was there just in case something similar to this GitHub incident happened.

There were a number of defensive strategies employed to combat the attack. As well as the standard DDoS defence infrastructure, Akamai also introduced specific features to protect against attacks from ‘memcached’ servers. These are database caching systems, which are left open to the public internet without any authentication requirements in place.

According to The Register, there are thousands of these vulnerable systems online at present, meaning new ways for DDoS attacks to be carried out without the need for a massive botnet, which is how the 2016 attack on DNS services company Dyn was carried out.

Using memcaching, the attackers were able to amplify the traffic volumes they were aiming at GitHub, initially by spoofing GitHub’s IP address and taking control of memached instances that were inadvertently accessible over the public internet.

A second attack?

According to web monitoring firm ThousandEyes, a second DDoS attack hit GitHub on 1 March, with its availability dropping to 61pc. While this attack was more severe, services were again restored quickly. Comparative charts of both attacks can be seen here.

The underlying issue of memached servers lying exposed on the public internet is being tackled by the infrastructure community, with owners of said servers receiving requests to take the exposed servers off the internet, protecting them behind internal networks and firewalls. Filters that immediately block suspicious levels of memcached traffic are also either developed or in the works from many defence firms.

GitHub was the victim of a six-day-long DDoS attack carried out in 2015 by Chinese state-sponsored hackers but, since then, botnets and cyberattack methods in general have grown in sophistication.

While the attacks were severe, the response from GitHub and Akamai shows that the defences against them are robust. Many people and organisations are now on high alert for what will certainly be a slew of new memcache attacks.

GitHub homepage. Image: Casimiro PT/Shutterstock

Ellen Tannam was a journalist with Silicon Republic, covering all manner of business and tech subjects